Avoiding Pitfalls of the New Hybrid Cloud
Companies are no longer asking if they should move to the cloud. The answer is now a resounding, “Yes.” In fact, Gartner projected that 2015 spending on Infrastructure-as-a-Service (IaaS)alone would hit $16.5 billion, an increase of 32.8 percent from 2014.
Naturally, the primary question about cloud adoption has evolved to be, “Which cloud should we move to?” For many, the answer is, “More than one.” EMA Research polled more than 400 IT decision makers in the US, EMEA and APAC and found that, on average, companies are using three IaaS providers.
The trend introduces yet another interpretation of the term “hybrid cloud,” where the infrastructure is comprised of multiple cloud vendors instead of a mix of on-premise and cloud or private cloud and public cloud.
While some companies end up with this type of hybrid cloud environment due to Shadow IT or department-level fragmentation, companies are increasingly turning to multiple vendors as part of a strategy to:
• Capitalize on varying benefits of cloud providers based on project needs
• Diversify to avoid vendor lock in
• Protect business by running applications on one vendor and relying on another vendor for backup and disaster recovery
When evaluating cloud platforms – whether initially or when moving to a multi-cloud strategy –it is important to fundamentally assess business and technical needs and then match them to the provider. While some view cloud infrastructure as a commodity and pricing wars make for intriguing headlines, the reality is providers offer varying levels of native functionality, ecosystem extensions and support. The size and expertise of a team as well as business expectations (i.e. expansion projections, international deals, budget flexibility, zero downtime) are all factors in determining the right cloud strategy and provider(s).
Cost efficiency is one of the biggest promises of cloud, but that benefit is quickly diminished by clouds that do not provide insight into projected spend.
Here are some of the key questions to consider when moving to cloud or expanding a cloud environment:
What tools are available to monitor and manage my cloud environment?
Cloud gives teams the ability to quickly spin up environments to satisfy rapidly emerging business needs – whether it be deploying a new product offering, launching a new application, or executing test and development.
That said, perhaps one of the biggest complaints about cloud is that users do not get the same level of visibility and control as they are accustomed to from their own infrastructure. As such, it is difficult for the IT team to optimize resources and anticipate potential issues. Most cloud vendors – even market leaders – point customers to a vast third party ecosystem to address the problem, often resulting in additional costs and resource expenditures.
For teams that need to limit man hours and budget spent on managing the cloud infrastructure, cloud platforms that include a comprehensive management console are most attractive. However, it is critical for teams to actually get a demonstration of the tool and clarity on what functionality is included and what costs extra.
Does the console detail all compute, storage and networking resources and allow users to manage and report on them? Does it provide features that combat issues associated with expanding teams or employee turnover? Can users execute backups and disaster recovery? Can alerts be set to stay ahead of potential issues? Can resources be readily scaled? Is role-based access included? And most importantly, is it easy to use?
How can we predict, control and allocate costs?
Cost efficiency is one of the biggest promises of cloud, but that benefit is quickly diminished by clouds that do not provide insight into projected spend. Many times, users spin up environments and forget to turn them off which can quickly accrue unexpected costs. Once again, a native management console is key to addressing the problem.
And what about billing? Organizations that need to easily understand costs and allocate them to specific projects or teams should ask their providers for an example bill. Is it straightforward and easy to explain? Does it provide the required level of detail? Many times, bills from cloud providers span endless pages that require experts and add-on tools to decipher.
What security is included as part of the platform? How easy is it to extend those capabilities?
We have found that many companies we speak to believe they have taken the proper precautions when it comes to cloud security, but they are really flying blind. Because vendors do not typically provide detailed security reports or integrated security solutions, cloud customers are left struggling to figure out what is protected, where the gaps are, and how to fill those gaps with a host of technologies that do not always play nice with each other. For small and mid-sized companies that generally do not have a chief security officer or security expert, this is crippling.
When evaluating a cloud vendor, companies should take security seriously and not settle for a simple assurance the cloud is secure. Ask about vulnerability scanning, encryption at rest, intrusion detection, antivirus and malware detection, alerts and reporting. Again, what is included and what costs extra?
How easy is it to address corporate, industry and government compliance?
As industry, corporate and government regulations evolve, it is critical for companies to stay ahead of compliance considerations. The purpose of compliance is to mitigate risks for a company and its customers. Security plays a large role, but just because a cloud is secure does not mean it is compliant. Do not assume a cloud provider is bound by Business Agreements to handle data to the same standards as your organization.
Compliancy claims are only as good as the evidence that supports them. Ask if the provider has Compliancy and Security teams that are aligned and whether they can provide auditor reports. Are they willing to help you execute governance evaluations or participate in audits? Varying levels of reporting and support can mean the difference between minutes or months of auditing time.
Is the platform truly designed to meet enterprise needs, or was it an afterthought?
Today, many vendors tout they offer enterprise cloud platforms, but customers shouldtake a closer look to ensure expectations can be met. The networking setup is one of the biggest indicators of whether a cloud was designed for enterprise.
For web companies or teams that do not have major security concerns, there is no real issue with having a cloud that uses a public IP address on the internet. This is a common practice for some of the low-cost clouds that play the biggest roles in pricing wars.
However, for most enterprises, this approach is not sufficient. Enterprise clouds should put networking considerations first, starting with a secure firewall and enabling customers to leverage network topologies that are very similar to what they used to in on-premise environments. If that basic need is not met, you can expect other issues will arise.
It is easy to stick the “commodity” label on cloud, but industry survey numbers consistently show that cloud customers will not settle for environments that do not fully meet their business and technical requirements. The reality is, even within a single organization, one cloud platform may not fit all needs. By asking cloud providers these questions, teams can get a significant head start in getting the cloud benefits they seek. And it’s important to note that cloud providers should have fast, straightforward answers to these questions. The vetting process should not be a barrier; it should be validation your cloud strategy is the right one.